Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Advertisements

finehout

Posted 24 October 2005 - 10:52 PM

finehout

banned

Banned

155 posts

hello,go to http://www.registryfix.com/download/that should fix your run time error to get rid of the virus run your cmputer in safe mode( to do that prees the f10 key right before the loading os screen if you don't know when that is just prees it repetedlly after the boot up gets done checking every thing) This will start your computer with minmal drivers and then the spy ware/ virus whatever it maybe wont be activated and then get rid of them.

miekiemoes

Posted 25 October 2005 - 01:58 PM

miekiemoes

Malware Expert

Member

5,503 posts

Hello,May I ask you a favour?Can you please send a copy of C:\Program Files\Security Toolbar\Security Toolbar.dll to next address? submit_stuffATxs4all.nl (replace AT with @)We really need this file for analysis. Thanks.To do this very easily, in your emailclient, choose attach and copy and paste next in the filenamefield:C:\Program Files\Security Toolbar\Security Toolbar.dllThis will attach the file to your mail.

So please post a new log in that forumpart there and post the link where you posted your new log in this thread, so I can take a look at your new log and give you instructions after sending that Security Toolbar.dll

miekiemoes

Posted 25 October 2005 - 05:49 PM

Anyway, let's deal with it now. You have several different infections present (probably Vundo as well, but we'll find out later). So we have to take care of this Step By Step.

Did you already send that file as I asked you? Please send it first before performing my steps.

After sending the file..

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.It is also important you don't miss a step and perform everything in the right order!!

First of all, go to start > control panel > software > add/remove Programs and look if Security Toolbar is present and uninstall it.I also see Logitech desktop Messenger Present. If you don't use it, I suggest you uninstall it as well, because it's known tat it can cause system slowdowns and errors.Reboot afterwards.

Download smitRem and save the file to your desktop.Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

* Reboot into Safe Mode`: ( without networking support !)°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

* Using Windows Explorer, locate the following files/folders, and delete it:

C:\WINDOWS\system32\svchop.exe

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.Wait for the tool to complete and disk cleanup to finish.

* Now open Ewido Security SuiteClick on scanner

* Click Complete System Scan and the scan will begin. * During the scan it will prompt you to clean files, click OK * When the scan is finished, look at the bottom of the screen and click the Save report button. * Save the report to your desktop

Click "Launch Kaspersky Anti-Virus Web Scanner"You will be prompted if you want to install an ActiveX component from Kaspersky, click yes.This will start downloading the latest definition files. Once the files have been downloaded click on "Next"

* Click "Scan Settings" Select the following in Scan Settings (normally they are already selected by default)

°Scan using the following Anti-Virus database: Standard

°Scan Options: Scan Archives Scan Mail Bases

* Click OK* Under select a target to scan, select "My Computer"

* This program will start to scan your system. The scan will take a while so be patient and let it run. When the scan is done, it will show a list of infected files found.

* Click on the "Save as Text"- button: Save the scan log and post it along with a new HijackThis Log, the log smitfiles.txt (which you will find on your C:\) and the Ewido Log by using Add Reply.

It could be possible, after reboot that your system is using the windows classic theme again.To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons. Click apply and OK.

CGlase7

Posted 25 October 2005 - 10:55 PM

CGlase7

Member

Topic Starter

Member

18 posts

I performed all of the steps in order. It seems that all of the problems are fixed.

I was running Norton Internet Security, but deleted it a few days ago because it kept saying that I had a Trojan.Vundo and could not delete or repair it. My computer also freezes up a lot. It froze up about five times while trying to run Kaspersky.

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a warning.
It should look like this

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.

Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\msagent\intl\expun.dll

Press Enter to continue with the fix.

Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\msagent\intl\nupxe.*

Press Enter to continue with the fix.

The fix will run then HijackThis will open, if it does not open automatically please open it manually.

In HiJackThis, please place a check next to the following items and click FIX CHECKED:

TonyKlein

Posted 26 October 2005 - 12:03 PM

TonyKlein

Malware Expert

Expert

642 posts

BTW, thank you both for that security toolbar.dll file - as Miekiemoes must already have concluded, it's malware, hailing from the folks responsible for the notorious Spy Trooper/World AntiiSpy/PS Guard foistware alias FAKEALE-C TROJAN!!

AVG, Bitdefender OR Avast are good FREE antivirus.Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decreases the reliability of it seriously!Zonealarm, Kerio OR Sygate are FREE firewalls.

Install SpywareblasterSpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.Also make sure that your virusscanner, the one that is installed on your system is always up to date!

CGlase7

Posted 27 October 2005 - 06:02 AM

CGlase7

Member

Topic Starter

Member

18 posts

Things are running much faster and smoother. I think it has only froze up once since completing everything. Should I reinstall Norton Internet Security? It has a firewall and Anti-Virus or the free virus scans better?

miekiemoes

Posted 27 October 2005 - 06:21 AM

miekiemoes

Malware Expert

Member

5,503 posts

Hello,

Well, you have to decide yourself which antivirus you install. Or you choose Norton Internet Security which is shareware or you can choose a free antivirus and firewall which are also great!
So it's up to you.
Just make sure you DO install them, because you can't have a system without any protection present.
Also let your antivirus perform a full scan to get rid of some leftovers if present. And it won't hurt to scan with your antispywarescanners as well to clean up some more. Make sure they are up to date!

And!! As I already told you, don't forget to update your windows, because that's the most important thing!